on 09-20-2023 12:53 PM
Hi,
From our security team I have a requirement that a group if users login to SAP SuccessFactors using 2FA once per day. Once they have logged in with 2FA they need to login using username/password only for the rest of the day. The rest of the employees login using username/password every single login.
For some reason the first scenario is working as required, but the second isn't. We have setup the IAS session to stay alive for 8 hours. When a user in the 2FA group logs in after the 30 minute time out in SuccessFactors expires they only need to enter username/password (seems like a bug to me). But the secord group (not using 2FA, only username/password) doesn't have to login again and can keep on using SuccessFactors for the entire 8 hours.
Is it possible to configure this in Identity Access Services (IAS)? As far as I know you can only configure how long the IAS session remains alive, so if the session ends the user will need to login again with 2FA. No way to switch between 2FA and username/password depending on last time 2FA was used.
Hope someone can point me in the right direction. @haidongsong @harjeetjudge
Arjen
you are correct that we can not set up a conditional rules to switch between 2FA and username/pwd depending on the last time 2FA login.
BTW, what are the issue with a 8hr timeout period for regular users using username/pwd?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
6 | |
4 | |
3 | |
2 | |
2 | |
2 | |
2 | |
2 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.